CVE-2009-0039

medium Apache
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
3.8%
Exploitation probability in 30 days
Top 12% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: April 17, 2009 (6236 days ago)
Last Modified: April 23, 2026
Vendor: Apache
Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

CWE

CWE-352

Affected Products

apache geronimo

References

🔗 dsecrg.com 🔗 geronimo.apache.org 🔗 issues.apache.org 🔗 secunia.com 🔗 www.securityfocus.com